This is correct, but I wish it had of been filed under the right component so we might have noticed it in the lead up to 1.0. Fixing the join filter properly will be backwards incompatible in a unsafe way (if you haven't HTML-escaped the literal, it will appear as non-escaped if we change this). So we might just have to wear the inconsistency and document it.

(In [9442]) Fixed #6948 -- The join filter was escaping the literal value that was
passed in for the connector. This was contrary to what the documentation
for autoescaping said and to what every other filter does with literal
strings as arguments.

This is backwards incompatible for the situation of the literal string
containing one of the five special HTML characters: if you were writing
{{ foo|join:"&" }}, you now have to write {{ foo| join:"&amp;" }}.
Previous behaviour was, as noted, a bug and contrary to what was
documented and expected.

(In [9443]) [1.0.X] Fixed #6948 -- The join filter was escaping the literal value
that was passed in for the connector. This was contrary to what the
documentation for autoescaping said and to what every other filter does
with literal strings as arguments.

This is backwards incompatible for the situation of the literal string
containing one of the five special HTML characters: if you were writing
{{ foo|join:"&" }}, you now have to write {{ foo| join:"&amp;" }}.
Previous behaviour was, as noted, a bug and contrary to what was
documented and expected.